The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen() and gzopen(). If a file is outside of the paths defined by open_basedir, PHP will refuse to open it.

If the function is relaxed then using PHP functions the file would be accessible.

This setting in cPanel only works if PHP is running as a DSO Apache module. If you are using PHP as CGI or PHP with suPHP, then the open_basedir setting doesn't really do anything.


Ahhhhhhhhhhh...thank you for this. I just moved servers, and changing Apache from CGI to DSO was the only change, everything else I'm attempting to replicate. Only when I enable what I always thought were the standard security measures...MySQL can't connect, internal 500 errors, etc.

I'm afraid it does not prevent reading and it's really important to make note of


It will if the files have the appropriate permissions.

With suPHP enabled, a PHP script can have the permissions of 0600 and still be viewable on that account.

For example:

/home/user1/public_html/file.php can have permissions of 0600. The domain name associated with user1 is mydomain.com. You can still visit the file by going to http://mydomain.com/file.php.

Now another user on the server, user2, will not have significant privileges to view the file at /home/user1/public_html/file.php because the permissions on that file are too low for user2 to be able to read the file.

Effectively, having permission of 0600 means that only user1 can read or write to this file.
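
An added example (not part of the original post) that follows from the point above: under suPHP a script runs as the account owner, so 0600 is enough, and any group or other bits on a PHP file are unnecessary exposure to other accounts on the server. The sketch below walks a document root and lists PHP files whose mode still grants such bits; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def group_or_other_accessible(docroot, suffix=".php"):
    """Return sorted (relative path, octal mode) pairs for scripts under
    docroot whose mode grants any group or other permission bit."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            # Anything beyond owner rwx means another account may get access.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                rel = os.path.relpath(path, docroot)
                findings.append((rel, format(mode, "04o")))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample docroot with a mix of file modes."""
    root = tempfile.mkdtemp(prefix="docroot_")
    samples = (
        ("file.php", 0o600),     # owner-only, as in the post
        ("config.php", 0o644),   # readable by every local user
        ("inc/db.php", 0o640),   # readable by the file's group
        ("index.html", 0o644),   # not a PHP script, ignored
    )
    for rel, mode in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)  # explicit chmod, independent of umask
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rel, mode in group_or_other_accessible(root):
        print(mode, rel)
```

Pointing the function at a real path such as /home/user1/public_html gives a list of scripts to tighten to 0600 once suPHP is confirmed as the handler.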